REMARKS

This Amendment is filed in response to the Final Office Action mailed May 1,
2008 in connection with a Request for Continued Examination and a Petition for
Extension of Time. The Applicant respectfully requests reconsideration. All
objections and rejections are respectfully traversed.

Claims 1-32 are now pending in the application. 

Claims 1, 14, 18, 24, and 25 have been amended. 

New claims 29-32 have been added. 

Response to Examiner's Response to Arguments 

At paragraphs 3-10 of the Final Office Action, the Examiner responds specifically
to the Applicant's previous arguments. The Applicant thanks the Examiner for this
detailed response, and would like to respond specifically in turn, in hopes agreement
may be reached to advance the prosecution of this application.

The Examiner likens Kwan's discussion of an 802.1x "multi-host" configuration
to the Applicant's use of "logical subinterfaces." Specifically, the Examiner refers to
paragraph 0006 of Kwan that describes how 802.1x may support:

a multiple host ("multi-host") configuration, in which one or more computing
devices are coupled to a single port of the switch. . .

The Examiner further refers to paragraphs 0008, 0080-0081 and Fig. 6 of Kwan, which 
refer to a multi-host environment in which a plurality of user devices are coupled to a 
network access device. 

The Applicant respectfully requests reconsideration of the relevance of Kwan's 
discussion of "multi-host" configurations/environments to what the Applicant claims. 

A "multi-host" configuration, in the context of 802.1x, simply refers to a
configuration where more than one computer device is allowed to access a port. The
meaning of "multi-host" is explained in well known reference texts. For example,
"802.1x Port-Based Authentication" by Edwin Lyle Brown, CRC Press, 2006 describes:

There are three possible values: single host, multi-host, and multi-host
with multiple authenticators. Single host mode is what the name implies
- only one mac-address is allowed on the port. Multi-host allows
more than one host on the port. The port assumes the VLAN of the
last Supplicant with a successful authentication. Multi-host with
multiple authentications interacts with port security features to restrict
connectivity.

(emphasis added, copy of relevant page attached herewith). 

When one of skill in the art reads Kwan's discussion of 802.1x multi-host
configurations/environments, he or she simply understands that Kwan's techniques
are not limited to having only a single device/host coupled to a port, but may allow
several devices/hosts to be coupled to a port.

The Applicant claims something quite different than this. Amended claim 1
recites "the shared media port being a physical interface. . ." and "partitioning the
shared media port into a plurality of logical subinterfaces, wherein a logical
subinterface is a logical division of a physical interface." Rather than simply have
several different networks or subnetworks all communicate over a single undivided
physical interface, the Applicant logically divides a physical interface into logical
structures referred to as "logical subinterfaces". Further, as recited in claim 1, "each
logical subinterface [is] dedicated to providing access to a different network or
subnetwork." By using "logical subinterfaces" the Applicant is able to authenticate
users to a finer level of granularity (i.e., at the subinterface level rather than at the
port level) and to achieve other advantages.

A "multi-host" configuration/environment simply does not suggest what is
claimed. Nothing necessarily is logically divided in a "multi-host"
configuration/environment. Multiple computing devices may simply communicate over
a single undivided physical interface in a "multi-host" configuration.

Accordingly, the Applicant respectfully requests reconsideration of the pending
rejections and of the relevance of Kwan's mention of "multi-host"
configurations/environments to what is claimed.

Claim Rejections - 35 U.S.C. §102 

At paragraphs 11-21 of the Final Office Action, claims 1-5, 8, 9, 11, 14, 15,
17-19, and 21-28 were rejected under 35 U.S.C. § 102(e) over Kwan et al., U.S.
Publication No. 2003/0055570 (hereinafter "Kwan").

The Applicant's claim 1, representative in part of the other rejected claims, sets
forth:

1. (CURRENTLY AMENDED) A method for implementing port-based
network access control at a shared media port in an intermediate node, the
shared media port being a physical interface coupled to a plurality of
client nodes, the method comprising:

partitioning the shared media port into a plurality of logical
subinterfaces, wherein a logical subinterface is a logical division of a
physical interface, each logical subinterface dedicated to providing access to a
different network or subnetwork accessible through the intermediate node;

receiving a data packet at the shared media port from a first client
node;

associating the received data packet with a first logical
subinterface in the plurality of logical subinterfaces;

determining whether the first client node is authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork;

if the first client node is determined to be authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork, forwarding the received data packet over the first logical
subinterface's dedicated network or subnetwork;

receiving a second data packet at the shared media port from a
second client node;

associating the second received data packet with the first logical
subinterface;

determining whether the second client node is authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork; and

if the second client node is determined to not be authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork, preventing the second received data packet from being
forwarded over the first logical subinterface's dedicated network or
subnetwork, while still allowing data packets from the first client node to be
forwarded if the first client node is determined to be authenticated.

Kwan discusses a multi-tiered network security system. See paragraphs 0008 and
0028. A "first level comprises physical MAC address authentication of a user device. . .
coupled to a port of a network access device." See paragraph 0028. "[I]f packets received
from user device 108 have a source MAC address that does not match any of the secure
addresses... the network access device 102 either drops the packets or, alternately disable
the port entirely." See paragraph 0039 and Fig. 3, box 308. "The second level comprises
authentication of the user of the user device, such as authentication in accordance with
the IEEE 802.1x standard." See paragraph 0028. "[I]f the user is not valid. . .network
access device 102 blocks all traffic on the port except for the reception or transmission of
packets related to the user authentication protocol (802.1x control packets)." See
paragraph 0039 and Fig. 3, box 314. "The third level comprises dynamic assignment of a
particular user policy to the port based on the identity of the user. . .", for example, to
determine if resources are available to service the user device." See paragraph 0028 and
0042. "If sufficient resources are not available, then network access device 102 blocks
all traffic on the port except for the reception or transmission of packets related to the
user authentication protocol (802.1x control packets)." See paragraph 0039 and Fig. 3,
box 322.

The Applicant respectfully directs the Examiner's attention to the claimed
"shared media port being a physical interface" and "partitioning the shared media port
into a plurality of logical subinterfaces, wherein a logical subinterface is a logical
division of a physical interface," and "associating the received data packet with a first
logical subinterface in the plurality of logical subinterfaces" and "determining whether
the first client node is authenticated to communicate over the first logical subinterface's
dedicated network or subnetwork."

As discussed above in the section titled "Response to Examiner's Response to
Arguments", Kwan does not suggest logically dividing a physical interface into "logical
subinterfaces." While Kwan does discuss multi-host configurations/environments, in
which a plurality of user devices are coupled to a port, there is no mention of the port
being logically divided in any manner, into any types of logical subinterfaces.

As such, Kwan cannot fairly be interpreted as teaching associating a received
data packet with a first logical subinterface in a plurality of logical subinterfaces. In
rejecting this limitation, the Examiner points to paragraphs 0032 and 0034 of Kwan.
However, paragraphs 0032 and 0034 merely discuss associating a data unit with an
output port based on a destination address, not associating a data unit with a specific
logical subinterface of multiple logical subinterfaces of an output port. Again, nothing
akin to a logical subinterface is mentioned in these paragraphs.

Further, Kwan cannot fairly be interpreted as teaching determining whether a 
first client node is authenticated to communicate over the first logical subinterface's 
dedicated network or subnetwork. In rejecting this limitation, the Examiner points to 
paragraph 0028 of Kwan. However, paragraph 0028 makes no mention of a network or 
subnetwork being associated with a particular logical subinterface. Paragraph 0028 
simply discusses various types of authentication that may occur on a port. 

Accordingly, the Applicant respectfully urges that Kwan is legally insufficient to
anticipate the present claims under 35 U.S.C. §102 because of the absence of the
Applicant's claimed novel "the shared media port being a physical interface" and
"partitioning the shared media port into a plurality of logical subinterfaces, wherein a
logical subinterface is a logical division of a physical interface," and "associating the
received data packet with a first logical subinterface in the plurality of logical
subinterfaces" and "determining whether the first client node is authenticated to
communicate over the first logical subinterface's dedicated network or subnetwork."

Claim Rejections - 35 U.S.C. §103 

At paragraphs 23-31 of the Final Office Action, claims 6 and 10 were rejected
under 35 U.S.C. § 103(a) over Kwan in view of Ng et al., U.S. Publication No.
2005/0177865 (hereinafter "Ng").

At paragraphs 32-36 of the Final Office Action, claims 7, 16 and 20 were rejected
under 35 U.S.C. § 103(a) over Kwan in view of Haverinen et al., U.S. Publication No.
2004/0208151 (hereinafter "Haverinen").

At paragraphs 37-40 of the Final Office Action, claim 12 was rejected under 35 
U.S.C. § 103(a) over Kwan and in further view of Inoue et al., U.S. Patent No. 6,891,819 
(hereinafter "Inoue"). 

At paragraphs 41-44 of the Final Office Action, claim 13 was rejected under 35 
U.S.C. § 103(a) over Kwan and in further view of Roese, U.S. Publication No. 
2004/0158735 (hereinafter "Roese"). 

The Applicant notes that all of the claims rejected under U.S.C. § 103 are
dependent claims which depended from independent claims believed to be allowable for
at least the reasons discussed above. The dependent claims are believed to be allowable
due to their dependency, as well as for other separate reasons.

Should the Examiner believe telephonic contact would be helpful in the 
disposition of this Application, the Examiner is encouraged to call the undersigned 
attorney at (617) 951-2500. 

In summary, all the independent claims are believed to be in condition for
allowance and therefore all dependent claims that depend therefrom are believed to be in
condition for allowance. The Applicant respectfully solicits favorable action.

Please charge any additional fee occasioned by this paper to our Deposit Account
No. 03-1237.

Respectfully submitted, 



/James A. Blanchette/

James A. Blanchette 
Reg. No. 51,477 

CESARI AND MCKENNA, LLP
88 Black Falcon Avenue 
Boston, MA 02210-2414 
(617) 951-2500 